feat: Add hCaptcha for public forms (#4017)

- added hCaptcha based verification for chatwoot signups Co-authored-by: Sojan <sojan@pepalo.com>
2022-02-18 20:02:50 +05:30
parent 80d83b401c
commit ea44a32758
13 changed files with 123 additions and 7 deletions
--- a/spec/controllers/api/v1/accounts_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts_controller_spec.rb
@@ -30,6 +30,25 @@ RSpec.describe 'Accounts API', type: :request do
        end
      end

+      it 'calls ChatwootCaptcha' do
+        with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true' do
+          captcha = double
+          allow(account_builder).to receive(:perform).and_return([user, account])
+          allow(ChatwootCaptcha).to receive(:new).and_return(captcha)
+          allow(captcha).to receive(:valid?).and_return(true)
+
+          params = { account_name: 'test', email: email, user: nil, user_full_name: user_full_name, password: 'Password1!',
+                     h_captcha_client_response: '123' }
+
+          post api_v1_accounts_url,
+               params: params,
+               as: :json
+
+          expect(ChatwootCaptcha).to have_received(:new).with('123')
+          expect(response.headers.keys).to include('access-token', 'token-type', 'client', 'expiry', 'uid')
+        end
+      end
+
      it 'renders error response on invalid params' do
        with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true' do
          allow(account_builder).to receive(:perform).and_return(nil)
--- a/spec/lib/chatwoot_captcha_spec.rb
+++ b/spec/lib/chatwoot_captcha_spec.rb
@@ -0,0 +1,25 @@
+require 'rails_helper'
+
+describe ChatwootCaptcha do
+  it 'returns true if HCAPTCHA SERVER KEY is absent' do
+    expect(described_class.new('random_key').valid?).to eq(true)
+  end
+
+  context 'when HCAPTCHA SERVER KEY is present' do
+    before do
+      create(:installation_config, { name: 'HCAPTCHA_SERVER_KEY', value: 'hcaptch_server_key' })
+    end
+
+    it 'returns false if client response is blank' do
+      expect(described_class.new('').valid?).to eq false
+    end
+
+    it 'returns true if client response is valid' do
+      captcha_request = double
+      allow(HTTParty).to receive(:post).and_return(captcha_request)
+      allow(captcha_request).to receive(:success?).and_return(true)
+      allow(captcha_request).to receive(:parsed_response).and_return({ 'success' => true })
+      expect(described_class.new('valid_response').valid?).to eq true
+    end
+  end
+end